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Rejection ud-"-- ™ Sl02f bl 

Further, ihe Office Action maintains the rejection of claims 1-10, 13-39, 41-44, 47-57, 
59 and 61-63 under 35 U.S.C. §102(b) as being unpatentable over Lampson et al-, 
-Authentication in Distributed Systems: Theory and Practice", ACM Transactions on 
Computer Systems, Vol. 10, No. 4, Nov. 1992, pgs. 265-310. Applicants respectfully traverse 
the rejection because the teachings of Lampson et al. fail to disclose, teach or suggest all the 
features in the rejected claims. 

Independent Claim 1 

As noted in Applicants' specification, cryptographic representation of an organization 
has typically been defined statically, for a given time. But, such representation has limits 
especially in organizations facing structural or dynamic changes. Thus, Applicants* invention 
of claim 1 relates to control and maintenance of an operational organizational structure to 
solve, for example, management of dynamic organizations which often can face significant 
structural changes. To facilitate this control and maintenance, Applicants' method of claim 1 
associates entities with cryptographic capabilities and organizes the entities within the 
organizational structure as roles. The claimed method further maintains (i.e., changes, 
updates, etc.) the roles within the organizational structure. 

The Examiner argues that the Lampson et al. theory of authentication and the system 
that implements it "is the 'method* in which a system in which an operational organization 
structure is controlled, where the operational structure is the structure of the authentication 
system that needs to be maintained as disclosed by Lampson et al." If the Examiner's position 
is that the operational organizational structure as claimed corresponds to the "structure of the 
authentication system" as disclosed by Lampson et al., then Applicants respectfully submit 
that Lampson et al. fail to disclose, teach or suggest any method for "control" and 
"maintenance" of that structure. Lampson et al. appears to merely disclose a static 
authentication system and the control that is discussed by Lampson et al. is traditional access 
control provided within such an authentication system. If the Examiner's position is that the 
operational organizational structure as claimed corresponds to the one or more principals 
acting within the authentication system disclosed in Lampson et al., then Applicants 
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respectfully submit that Lampson « aJ. fail to disclose, teach or suggest any method for 
'•control" and "maintenance" of those one or more principals. 

Lampson et al. merely disclose principals communicating with each other and a 
system that facilitates authentication of one principal to another. Lampson et al. do not 
disclose, teach or suggest controlling and maintaining those principals. Specifically, there is 
no disclosure, teaching or suggestion by Lampson et al. regarding a method to maintain 
principals in an operational organizational structure. Further, to the extent the operational 
organizational structure as claimed includes a certification authority, Applicants respectfully 
submit that Lampson et al. also tail to disclose, teach or suggest any method for -control" and 
"maintenance" of a certification authority. Specifically, there is no disclosure, teaching or 
suggestion by Lampson et al. regarding a meihod to control a certification authority in an 
operational organizational structure- Indeed, the failure to disclose, teach or suggest control 
over a certification authority in Lampson et al. is supported by the disclosure in Lampson et 
al. that their system can have certification authorities off-line. See page 278 of Lampson et al. 

The Examiner further argues that the 'Toles that Lampson et al. discusses are roles for 
principals, where principals themselves are 'entities'." Applicants respectfully submit, 
however, that this argument does not address how Lampson et al. discloses, teaches or 
suggests organizing entities within an organization structure as roles, entities which have 
associated cryptographic capabilities. While Lampson et al. discloses principals - entities in 
terms of the claimed method - having roles, Lampson et al. fail to disclose, teach or suggest 
any method for organizing principals within an organizational structure, let alone organizing 
those principals with roles. The roles of principals discussed in Lampson et al. appear to be 
predetermined and supplied to the authentication system of Lampson et al. See, e.g.. p. 268 of 
Lampson et al. as cited by the Office Action. Thus, Lampson et al. simply do not describe a 
method to structure or organize entities, entities which have associated cryptographic 
capabilities, within an organizational structure as roles as recited in claim 1 . 

Additionally, Examiner failed to respond to Applicants' additional argument that 
Lampson et al. fail to disclose, teach or suggest maintaining roles within the organizational 
structure. As noted above, while the authentication system of Lampson et al. may be applied 
to an organization, Applicants submit there is no disclosure, suggestion, or teaching by 
Lampson et al. how their system or its operation can or does maintain (i.e., update, change, 
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etc.) roles within an organizational structure. Rather, the Larapson et al system and its 
operation merely facilitates secure communication using principals as roles. See, e.g., p. 268 
of Lampson ex al. 

Therefore, Applicants respectfully submit that Larapson et al. fail to at least disclose, 
teach or suggest a "method for control and maintenance of an operational organizational 
structure; 1 comprising ^associating entities with cryptographic capabilities", "organizing 
entities within the organizational structure as roles", and Maintaining roles within the 
organizational structure 7 ' as recited in independent claim 1 and its dependent claims 1-4, 6-10, 
ai*4 13-15. 

Independent Claim 16 

With respect to independent claim 16 and its dependent claims 1 7-39, 41-44, and 47- 
51, the Examiner has not specifically responded to the arguments made in Applicants* 
Amendment filed March 29, 2004. Thus, the Examiner has failed to identify specific reasons 
why Applicants 5 arguments are not persuasive and why these claims are not allowable in 
view of those arguments and Lampson et al. Accordingly, Applicants submit that the 
Examiner has failed to provide the specific reasoning sufficient for a proper basis for this 
rejection. See, e.g., In re Armbruster, 185 USPQ 152 (CCPA 1975), Jn re Lee, 61 USPQ2d 
1430, 1433 (Fed. Cir. 2002) ("obligation of the agency to make the necessary findings and to 
provide an administrative record showing the evidence on which the findings are based, 
accompanied by the agency's reasoning in reaching its conclusions 7 '). The Examiner's 
conclusory statement that Applicant's arguments were considered and found not persuasive is 
inadequate and the Examiner's reasoning regarding independent claim 1 and its dependent 
claims are inapposite. 

Therefore, Applicants re-submit that Lampson et al fail to disclose, teach or suggest 
any type of "system for control and maintenance of an operational structure" as recited in 
claim 16. Rather, Lampson et al. is directed to a security system, particularly an 
authentication system- 
Further, Applicants resubmit that Lampson et al. provides no disclosure regarding 
"maintaining capabilities of entities", such as a role in an organization (see. e.g.. claim 19), 
"maintaining functions of entities", such as an operation by a functionary in an organization 
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tsee, eg . clairo 22), "mainiaining characteristics of entities", such as an entity's size, 
threshold for a quorum, or visibility {see. e.g.. page 21 of the specification) or "maintaining 
relationships of entities". As discussed above in respect of claim I, while the authentication 
system of Lampson et al. may be applied to an organization, Applicants submit there is no 
disclosure, suggestion, or teaching by Lampson el al. how raeir system or its operation can or 
does maintain capabilities, functions, characteristics and relationships of entities within 
organizations as recited in claim 16. Rather, the Lampson et al. system and its operation 
merely facilitates secure communication. 

Applicants also resubmit that Lampson ct «1. fail to provide any disclosure, teaching 
or suggestion regarding changing the maintained said entities said characteristics and said 
relationships" as recited in claim 16. While the Lampson et al. authentication system may be 
applied to an organization, all relevant data about such organization is merely supplied to and 
used by the authentication system of Lampson et al. There simply appears to be no disclosure, 
teaching or suggestion regarding changing maintained entities, characteristics and 
relationships within an organization. Applicants submit the discussions at pgs. 271-274 of 
Lampson et al. (as cited by the Office Action) regarding statements is inapposite. There, 
Lampson et al. set forth how they propose to handle statements in their system for the 
purposes of authentication. For example, they address how to handle circumstances where 
one principal makes a statement on behalf of another principal. There is no indication or 
suggestion of any son that the statements referenced in Lampson et al. perform any type of 
changing maintained entities, characteristics and relationships within an organization. 
Lampson et al. merely discuss how to handle authentication of statements. 

Accordingly, the teachings of Lampson et al. fail to at least disclose, teach or suggest 
a "system for control and maintenance of an operational structure" comprising "maintaining 
capabilities of entities", "maintaining functions of entities", "maintaining characteristics of 
entities", "maintaining relationships of entities", and "changing the maintained said entities 
said characteristics and said relationships" as recited in independent claim 16 and its 
dependent claims 17-39, 41-44, and 47-51. 
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Independent Claim 52 

With respect to independent claim 52 and its dependent claims 53-57, 59 and 61-63, 
the Examiner has not specifically responded to the arguments made in Applicants* 
Amendment filed March 29, 2004. Respectfully, the Examiner has failed to identify specific 
reasons why Applicants' arguments are not persuasive and why these claims are not 
allowable in view of those arguments and Lampson et al. Accordingly, Applicants submit 
that the Examiner has failed to provide the specific reasoning sufficient for a proper basis for 
this rejection. See. e.g.. In re Armbruster, 185 USPQ 152 (CCPA 1975), In re Lee, 61 
USPQ2d 1430, 1433 (Fed. Cir. 2002) ("obligation of the agency to make the necessary 
findings and to provide an administrative record showing the evidence on which the findings 
are based, accompanied by the agency's reasoning in reaching its conclusions"). Examiner's 
conclusory statement that Applicant's arguments were considered and found not persuasive is 
inadequate and Examiner's reasoning regarding independent claim 1 and its dependent claims 
are inapposite. 

Therefore, Applicants re-submit that Lampson et al. disclose a security system. In an 
embodiment, the system of Lampson et al. may make use of a certification authority as is 
well known. With respect to such a certification authority, Lampson et al. disclose the 
traditional methods of key and certificate management (including issuance, revocation, etc.). 
See. «r Lampson et al., pgs. 283-285. For secure communication, the Lampson et al. system 
simply relies on, for example, checking the integrity (e.g., expiry) of the certificates 
themselves or checking certificate revocation lists but does not address, for example, the 
basic issue of the proper association of an entity to a cryptographic capability. Thus, 
Applicants submit that Lampson et al., particularly at PI- 270, do not disclose, teach or 
suggest a maintenance system by which the database, representing entities of an organization 
and their characteristics, roles and relationships, and the cryptographic authorities are 
maintained in coordination and by authorized parties assuring the representation of the 
organization and such that the cryptographic capabilities are soundly associated as recited in 
claim 52. 

Further, Applicants re-submit that Lampson et al. do not disclose, teach or suggest 
maintenance transactions acting within said maintenance system, maintaining a view 
representing an organization as recited in claim 52. As discussed above, Lampson et al. do 
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not disclose any son of maintenance system. Moreover, Lampson el al. do not disclose 
maintaining any sort of view representing an organization. Page 270 of Lampson et al. merely 
discloses gathering of information and using algorithms to check whether to grant access. 
Applicants submit that there is just no indication that the gathering and checking corresponds 
io maintaining a view representing an organization. 

Accordingly, the teachings of Lampson et al. fail to at least disclose, teach or suggest 
a system comprising "a maintenance system by which said database and said cryptographic 
authorities are maintained in coordination and by authorized parties assuring the 
representation of said organisation and said cryptographic capabilities are soundly associated 
as defined by the coordination directives" and "maintenance transactions acting within said 
maintenance system, maintaining a view representing an organization" as recited in 
independent claim 52 and its dependent claims 53-57. 59 and 61-63. 

Therefore, for at least the above reasons, Lampson et al. fail to disclose, suggesx or 
teach all the features of claims 1-10, 13-39, 41-44, 47-57, 59 and 61-63, which claims are 
thus at least patentable under 35 U.S.C §102 and 35 U.S.C. §103. The rejection of claims 1- 
10, 13-39, 41-44, 47-57, 59 and 61-63 is traversed and claims 1-10, 13-39, 41-44, 47-57, 59 
and 6 1 -63 are allowable. 

Rejection u nder 35 U.S.C. Sl03fa) 

Furthermore, the Office Action rejected claims 11, 12, 40, 45-46, and 58 under 35 
U.S.C. §103(a) as being obvious over Lampson et al. and rejected claim 60 under 35 U.S.C. 
§103(a) as being obvious over Lampson et al. in view of the Unified Modeling Language 
Version 1.0 (January 13, 1997) (~UML specification"). As Applicants submit above that 
independent claims 1, 16, and 52 are novel and non-obvious in view of Lampson et al.. 
Applicants accordingly submit that claims 11, 12, 40, 45-46, 58 and 60, which respectively 
are directly or indirectly dependent from independent claims 1, 16 and 52, are therefore not 
obvious. Further, the UML specification, on its own or in combination with Lampson et al. 
plainly fails to provide any disclosure, teaching or suggestion regarding independent claims 
1, 16 and 52, let alone dependent claim 60. Thus, for at least the above reasons, Lampson et 
al. fail to disclose, suggest or teach all the features of claims 1 1, 12, 40, 45-46. and 58 and 
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Lampson et al- in combination with the UML specification fail to disclose, suggest or teach 
all the features of claim 60. Thus, the rejection of claims 11, 12, 40, 45-46, 58 and 60 is 
Traversed and claims 1 1, 12, 40, 45^6. 58 and 60 are allowable. 

All rejections having been addressed, it is respecriully submitted that the present 
application is in condition for allowance. If questions relating to patentability remain, the 
examiner is invited to contact the undersigned to discuss them. 

Should any fees be due, please charge them to our deposit account no. 03-3975, under 
our order no. 061047/0265650. The Commissioner for Patents is also authorized to credit any 
over payments to the above-referenced deposit account. 



JDK/JGH:tmt 

P.O. Box 10500 
McLean, V A 22102 

Tel. No.: 703-905-2000 
Fax No. 703-905-2500 



Respectfully submitted, 

PILt^fiURY WINTHROP LLP 

/ 

^ \ A 
Jeffrey D.^rceWi 

Reg. No. 35\9r4>> 
Tel. No. 703^05^110 

Jean-Paul Hoffman 
Reg. No. 42663 
Tel. No.: 703-905-2094 
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